VAR-202011-1276
Vulnerability from variot - Updated: 2024-11-23 21:58A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Modicon TM221 is a programmable controller of Schneider Electric (China) Co., Ltd., used for single device control architecture.
Schneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202011-1276",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "modicon m221",
"scope": "eq",
"trust": 1.8,
"vendor": "schneider electric",
"version": null
},
{
"model": "modicon m221",
"scope": "eq",
"trust": 0.8,
"vendor": "schneider electric",
"version": "modicon m221 firmware"
},
{
"model": "modicon tm221",
"scope": "eq",
"trust": 0.6,
"vendor": "schneider electric",
"version": "v1.13.1.0"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38820"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"db": "NVD",
"id": "CVE-2020-7565"
}
]
},
"cve": "CVE-2020-7565",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 5.5,
"id": "CVE-2020-7565",
"impactScore": 4.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:A/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "CNVD-2024-38820",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.6,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 2.1,
"id": "CVE-2020-7565",
"impactScore": 5.2,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Adjacent Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.3,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2020-7565",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2020-7565",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "NVD",
"id": "CVE-2020-7565",
"trust": 0.8,
"value": "High"
},
{
"author": "CNVD",
"id": "CNVD-2024-38820",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-202011-1670",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULMON",
"id": "CVE-2020-7565",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38820"
},
{
"db": "VULMON",
"id": "CVE-2020-7565"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1670"
},
{
"db": "NVD",
"id": "CVE-2020-7565"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A CWE-326: Inadequate Encryption Strength vulnerability exists in Modicon M221 (all references, all versions) that could allow the attacker to break the encryption key when the attacker has captured the traffic between EcoStruxure Machine - Basic software and Modicon M221 controller. Modicon M221 Contains a cryptographic vulnerability.Information may be obtained and information may be tampered with. Modicon TM221 is a programmable controller of Schneider Electric (China) Co., Ltd., used for single device control architecture. \n\nSchneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability, which can be exploited by attackers to obtain sensitive information",
"sources": [
{
"db": "NVD",
"id": "CVE-2020-7565"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"db": "CNVD",
"id": "CNVD-2024-38820"
},
{
"db": "VULMON",
"id": "CVE-2020-7565"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2020-7565",
"trust": 3.1
},
{
"db": "ICS CERT",
"id": "ICSA-20-343-04",
"trust": 2.5
},
{
"db": "SCHNEIDER",
"id": "SEVD-2020-315-05",
"trust": 1.7
},
{
"db": "JVN",
"id": "JVNVU91936841",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013656",
"trust": 0.8
},
{
"db": "CNVD",
"id": "CNVD-2024-38820",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1670",
"trust": 0.6
},
{
"db": "VULMON",
"id": "CVE-2020-7565",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38820"
},
{
"db": "VULMON",
"id": "CVE-2020-7565"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1670"
},
{
"db": "NVD",
"id": "CVE-2020-7565"
}
]
},
"id": "VAR-202011-1276",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38820"
}
],
"trust": 0.06
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"ICS"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38820"
}
]
},
"last_update_date": "2024-11-23T21:58:53.449000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "SEVD-2020-315-05",
"trust": 0.8,
"url": "https://www.se.com/ww/en/download/document/SEVD-2020-315-05/"
},
{
"title": "Patch for Schneider Electric (China) Co., Ltd. Modicon TM221 has an information leakage vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/593141"
},
{
"title": "Schneider Electric Modicon M221 Fixes for encryption problem vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=135518"
},
{
"title": "CVE-2020-7565",
"trust": 0.1,
"url": "https://github.com/AlAIAL90/CVE-2020-7565 "
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2024-38820"
},
{
"db": "VULMON",
"id": "CVE-2020-7565"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1670"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-326",
"trust": 1.0
},
{
"problemtype": "Inadequate encryption strength (CWE-326) [ Other ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"db": "NVD",
"id": "CVE-2020-7565"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://www.se.com/ww/en/download/document/sevd-2020-315-05/"
},
{
"trust": 1.7,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2020-7565"
},
{
"trust": 0.8,
"url": "https://jvn.jp/vu/jvnvu91936841/"
},
{
"trust": 0.8,
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-04\u00a5"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/326.html"
},
{
"trust": 0.1,
"url": "https://github.com/alaial90/cve-2020-7565"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2020-7565"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1670"
},
{
"db": "NVD",
"id": "CVE-2020-7565"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2024-38820"
},
{
"db": "VULMON",
"id": "CVE-2020-7565"
},
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"db": "CNNVD",
"id": "CNNVD-202011-1670"
},
{
"db": "NVD",
"id": "CVE-2020-7565"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-10-07T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38820"
},
{
"date": "2020-11-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7565"
},
{
"date": "2021-07-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"date": "2020-11-19T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1670"
},
{
"date": "2020-11-19T22:15:14.943000",
"db": "NVD",
"id": "CVE-2020-7565"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2024-09-23T00:00:00",
"db": "CNVD",
"id": "CNVD-2024-38820"
},
{
"date": "2021-08-19T00:00:00",
"db": "VULMON",
"id": "CVE-2020-7565"
},
{
"date": "2021-07-09T06:22:00",
"db": "JVNDB",
"id": "JVNDB-2020-013656"
},
{
"date": "2022-03-10T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202011-1670"
},
{
"date": "2024-11-21T05:37:23.323000",
"db": "NVD",
"id": "CVE-2020-7565"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1670"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Modicon\u00a0M221\u00a0 Vulnerability in cryptography",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2020-013656"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "encryption problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202011-1670"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…